[56] in Security FYI
new security hole in wu-ftpd
daemon@ATHENA.MIT.EDU (mhpower@MIT.EDU)
Fri Jun 23 02:51:09 2000
From: mhpower@MIT.EDU
Message-Id: <20000623065102.27455.qmail@customer-care.infrastructure.org>
Date: Fri, 23 Jun 2000 02:51:02 -0400
To: security-fyi@MIT.EDU
Reply-To: net-security@MIT.EDU
-----BEGIN PGP SIGNED MESSAGE-----

A new security problem has recently been announced concerning the Unix
FTP daemon named wu-ftpd -- the problem can allow intruders to break
in to your computer remotely, gaining root access immediately in most
cases. wu-ftpd is the default FTP daemon in all versions of Red Hat
Linux, and is commonly used on many other types of Unix systems. An
official patch is not yet available, and in most cases the simplest
approach would be to turn off wu-ftpd by changing your inetd
configuration. We do have an unofficial patch suggestion for the small
number of MIT machines that really need to keep an ftpd running. For
more information about reconfiguring your computers to eliminate this
new security problem, see

http://web.mit.edu/net-security/www/fyi/fyi-2000-002-wuftpd.html

Please do not leave this FTP daemon running as-is on your computers.

Matt Power
Network Security team, MIT Information Systems

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----
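
The inetd change the message recommends can be checked with a short script. This is an added example, not part of the original message or the MIT instructions it links to; the function names and the sample inetd.conf lines are constructed for illustration and assume the classic inetd.conf layout where the first field is the service name.

```shell
#!/bin/sh
# inetd.conf fields: service socket-type proto wait user server-path args...
# A commented-out entry starts with '#', so its first field is never "ftp".

# Print every active inetd entry for the ftp service in file $1.
enabled_ftp_entries() {
    awk '$1 == "ftp"' "$1"
}

# Print a copy of file $1 with each active ftp entry commented out.
disable_ftp_entries() {
    awk '$1 == "ftp" { print "#" $0; next } { print }' "$1"
}

# Return 0 if no ftp entry is active in file $1, 1 otherwise.
audit_inetd() {
    if [ -n "$(enabled_ftp_entries "$1")" ]; then
        echo "ftp still enabled in $1:"
        enabled_ftp_entries "$1"
        return 1
    fi
    echo "no active ftp entry in $1"
    return 0
}

# Constructed sample configuration (not taken from any real host).
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#tftp   dgram   udp  wait    root  /usr/sbin/tcpd  in.tftpd
EOF
}

# Demo on temporary files only; /etc/inetd.conf is never touched here.
demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
audit_inetd "$demo_conf" || true
disable_ftp_entries "$demo_conf" > "$demo_conf.fixed"
audit_inetd "$demo_conf.fixed"
rm -f "$demo_conf" "$demo_conf.fixed"
```

After editing the real configuration file, inetd has to re-read it (it does so on SIGHUP) before the change takes effect. The script does not cover an ftpd started outside inetd.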